It is a simple text file in the INI format
(http://en.wikipedia.org/wiki/INI_file). In the following description,
each option name is prefixed with its own section and followed by its
default value if necessary, e.g. “<section>.<option> [value].”

Note

At runtime, configuration options can be overriden by environments
variables which name follows the option name with - replaced by _
and a CW_ prefix. For instance CW_BASE_URL=https://www.example.com
would override the base-url configuration option.

CubicWeb provides some support for the CORS protocol. For now, the
provided implementation only deals with access to a CubicWeb instance
as a whole. Support for a finer granularity may be considered in the
future.

Specificities of the provided implementation:

Access-Control-Allow-Credentials is always true

Access-Control-Allow-Origin header in response will never be
*

Access-Control-Expose-Headers can be configured globally (see below)

Access-Control-Max-Age can be configured globally (see below)

Access-Control-Allow-Methods can be configured globally (see below)

Access-Control-Allow-Headers can be configured globally (see below)

A few parameters can be set to configure the CORS capabilities of CubicWeb.